OFFICE OF THE STATE TREASURER
NONFISCAL OFFICER RESPONSIBILITIES
For the Two Years Ended: June 30, 2009
Summary of Findings:
Total this audit: 2
Total last audit: 2
Repeated from last audit: 1
Release Date: June 3, 2010
State of Illinois, Office of the Auditor General
WILLIAM G. HOLLAND, AUDITOR GENERAL
To obtain a copy of the Report contact:
Office of the Auditor General, Iles Park Plaza, 740 E. Ash Street, Springfield, IL 62703
(217) 782-6046 or TTY (888) 261-2887
This Report Digest and Full Report are also available on the worldwide web at www.auditor.illinois.gov
• The Office of the Treasurer (Office) had not established adequate controls for securing its computer resources.
FINDINGS, CONCLUSIONS, AND RECOMMENDATIONS
COMPUTER SECURITY CONTROL WEAKNESSES
During testing of the Office’s computer security environment the following weaknesses were identified:
• Highly privileged user accounts had non-expiring passwords.
• Effective mechanisms to promote security were not always activated.
• Several security policies had not been updated to reflect the current environment.
• Over reliance on key technical staff leading to segregation of duties issues, and potential loss of required technical skills if staff were to depart.
• Servers and other computer infrastructure were not held in secure locations.
Effective security provides a means for safeguarding, securing, and controlling access to facilities, hardware and software, along with the information stored in the computer system. A lack of updated security policies and lax security parameters increases the risk of unauthorized access to computerized information. (Finding 09-2, pages 12-13)
We recommended the Office review its standard security guidelines, implement and enforce a password change requirement, timely disable accounts of terminated employees and contractors, assess segregation of duties and reliance on key technical staff and review physical security controls.
The Treasurer agreed with the recommendation.
The remaining finding pertains to conducting employee performance appraisals and compliance with ethics policies and procedures. We will review the Office of the Treasurer’s progress toward the implementation of our recommendation in our next examination.
Our special assistant auditors conducted a compliance examination of the Treasurer’s Nonfiscal Officer Responsibilities as required by the Illinois State Auditing Act. The accountants’ report does not contain any scope limitations, disclosures or other significant non-standard language.
WILLIAM G. HOLLAND, Auditor General
SPECIAL ASSISTANT AUDITORS
Our special assistant auditors on this examination were Crowe Horwath LLP.